5 Fast and Easy Ways to Secure your WordPress Website

WordPress is quite simply the most popular website development option out there - about 30% of websites are built with WordPress.

Some more stats:

  • In 2017, 4,000 WordPress installs were infected with malware because of a fake SEO plugin.
  • Out of 8,000 virus-infected websites… WordPress accounted for 74% of them!
  • 8% are due to terrible passwords.

STATS FROM: https://www.codeinwp.com/blog/wordpress-statistics/ 

No one wants to be hacked, it’s the worst – I promise! One of my clients (before they were my client) was getting hacked multiple times a year. The malware that attacked them deleted content and made their site look a mess.

It was a headache for them constantly – never mind the added expense of always having to pay to have it removed (FYI – since being with me, they haven’t had any attacks).

However, you can do your best to avoid this by doing these 5 fast and easy things:


Crappy passwords aren’t good for anything, especially for your business website!

If you have used a password ANYWHERE else, you cannot use it again. Please don’t do this.

You can try software like the one I use, called Keeper Security – it locks down all of my passwords…which means I really only have to remember ONE password. As long as I can access Keeper, I can access any passwords.

Or try creating tougher passwords with 12 letters (at least 2 uppercase), 2 numbers and 2 symbols.

I cannot stress how important this is for everything you do, not just your website.


Every time something changes with security, WordPress updates. They are VERY good at keeping things as secure as they can.

Make sure you update WordPress. Most installs are about 3-4 behind; that’s crazy!

Check every single week to see if there’s a new update – or better yet, let it AUTO update so you don’t even have to worry about it.

An old WordPress install is a huge vulnerability.

If you’re scared to update, then pull a back-up of your whole site first. I use a plugin called Duplicator for this. It’s easy and does the job really well.


When WordPress is first installed it automatically creates an Admin account and SO often people just leave this as is.

Do not do this.

Instead, customize the Admin account name to be something more unusual, like “main23wp”.

On top of that, NEVER leave your username as the displayed author name. Always change it to show the author’s first name instead of the username.

Handing over usernames to hackers just gives them one less thing to do when they want access to your site!

Stop helping them.


You can edit core WordPress files right from the dashboard (when you log in to your website), which means, so can hackers!

Make it harder for them!

Stop allowing edits to take place this way. Access to your core files should only be available via FTP or the File Manager via your host.

While this is slightly more advanced, it’s simple enough that anyone can do it.

Again, and ALWAYS, if you’re worried, pull a full back-up before you do this. Here are the quick steps to do this:

  1. Log in to your core files using FTP or your File Manager.
  2. Find the wp-config.php file.
  3. Add the following code to the file:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Once complete, you will no longer be able to EDIT files under the Dashboard (Appearance).
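To confirm the setting actually took effect, here is an added example (not code from this post or from WordPress) that reads the text of a wp-config.php and reports whether DISALLOW_FILE_EDIT is really switched on. It assumes the usual WordPress convention that custom constants sit above the line that loads wp-settings.php; the function names and the sample config are made up for illustration.

```python
import re

# String literals are matched first so comment markers inside them (salts and
# URLs can contain "//", "#" or "/*") are not mistaken for comments.
_TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.DOTALL)
_DEFINE = re.compile(
    r"""\b(?i:define)\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]*?)\s*\)""")


def strip_php_comments(source):
    """Blank out PHP comments, keeping string literals and character offsets."""
    def blank(m):
        text = m.group(0)
        return text if text[0] in "'\"" else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, source)


def check_file_edit_lock(source):
    """Classify wp-config.php text as 'ok', 'missing', 'disabled' or 'late'."""
    code = strip_php_comments(source)
    match = _DEFINE.search(code)  # PHP keeps the first definition of a constant
    if match is None:
        return "missing"          # absent, or present only inside a comment
    if match.group(2).lower() not in ("true", "1"):
        return "disabled"         # defined, but not to a literal true or 1
    bootstrap = code.find("wp-settings.php")
    if bootstrap != -1 and match.start() > bootstrap:
        return "late"             # placed below the line that loads WordPress
    return "ok"


# Constructed sample: the salt deliberately contains "/*", "#" and "//".
SAMPLE = """<?php
define( 'AUTH_KEY', 'k/*9#x//constructed-salt' );
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! */
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    print(check_file_edit_lock(SAMPLE))
    print(check_file_edit_lock(SAMPLE.replace("define( 'DIS", "// define( 'DIS")))
```

Run it against a downloaded copy of your own wp-config.php by passing the file's text to check_file_edit_lock; anything other than "ok" means the dashboard editor may still be available.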


Files, plugins, and themes that just sit there doing nothing are just calling to hackers to use them in their plans.

So, always delete things you don’t use or need.

  • Deactivating a plugin is not enough, if you don’t use it – delete it!
  • Many people will install a couple of themes when they’re unsure about what one they want to use. Make sure that you delete the ones you did not choose and all but 1 of the WordPress standard themes (I always keep the latest one just in case I need it).
  • Delete these unnecessary files via FTP or File Manager:
    • readme.html
    • wp-config-sample.php
    • /wp-admin/install.php


There are still so many more things you can do. I actually complete 17 security items when I start a new project for a client.

If you have any questions, please let me know.


© 2021 BrashBerry